Getflightpath Flightpath vulnerabilities
3 known vulnerabilities affecting getflightpath/flightpath.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2019-13396P1MEDIUMCVSS 5.3ExploitedPoC≥ 4.0, ≤ 4.8.3v5.02019-07-10
CVE-2019-13396 [MEDIUM] CWE-22 CVE-2019-13396: FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_includ
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.
nvd
CVE-2024-50983P4MEDIUMCVSS 5.4v7.52024-11-15
CVE-2024-50983 [MEDIUM] CWE-79 CVE-2024-50983: FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remot
FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or Create/Edit Student User sections.
nvd
CVE-2019-15227P4MEDIUMCVSS 6.1v4.8.32019-08-20
CVE-2019-15227 [MEDIUM] CWE-79 CVE-2019-15227: FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Consol
FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions.
nvd